Cologne Bonn Airport


In-page navigation:

End of section: return to navigation within the page



Comprehensive service area of the website

Privacy Policy

Privacy Policy and information for data subjects according to Art. 13, 14 GDPR

The protection of your personal data is an important concern for Flughafen Köln/Bonn GmbH (hereinafter referred to as 'Flughafen Köln/Bonn GmbH' or FKB). The collection and processing of your personal data by our company therefore takes place exclusively within the framework of data protection regulations. On this page we inform you in accordance with Art. 13 of the General Data Protection Regulation (GDPR) about the collection and processing of your personal data.

Responsible for data processing is Flughafen Köln/Bonn GmbH, Heinrich-Steinmann-Str. 12, 51147 Cologne, represented by the Managing Directors Johan Vanneste (Chairman) and Torsten Schrank. You can contact the .

When operating our website, we work together with external service providers that we have carefully selected and committed to comply with data protection law by concluding a contract for data processing in accordance with Art. 28 EU-GDPR.

When visiting this website and using its functionalities, we process your personal data as follows:

1. Server Log Files

If you visit our website, we collect what are known as server log files. This is access data that we process to ensure system security (e.g. to detect technical errors or automated access by bots). Technically we can trace transmission errors, check the activities of the firewall or perform a search engine optimization.

The following information is recorded in the server log files:

  • IP address in anonymous form to determine the location of access and host name
  • Time of access and duration of visit
  • Previously visited website
  • Requested website including the number of pages viewed and the last page opened before leaving the website
  • Browser type and version
  • Operating system and device type used.

These server log files contain the IP address of the user. This is stored in plain text for a period of three days. This is in our legitimate interest in a technically secure and optimized web offer (legal basis: Art. 6 I 1 f GDPR) The IP address will be anonymized after three days, so that personal references can no longer be made. The log files are deleted after 7 days.

2. Cookies

This website uses cookies. We use cookies to personalize content and ads, to provide social media features, and to analyse traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other information that you have provided to them or that they have collected as part of your use of the services.

We use different types of cookies. When you visit our website, we ask you explicitly whether you agree to the use of cookies or not. For this purpose, a cookie banner appears on your first visit to our site, which informs you about the use of cookies. When you visit our website, we set technically necessary cookies that enable us to provide our website in a technically optimal way. This is in our overriding legitimate interest (Art. 6 I 1 e, f GDPR). Furthermore, you can select by ticking the box whether you agree to the use of cookies from the categories "Preferences", "Statistics" and "Marketing" (Art. 6 I 1 a GDPR). By clicking on the "Show details" button, you can obtain further information on the cookies used.

You can change or withdraw your consent at any time from the cookie declaration on our website.

2.1 Necessary cookies

If you visit our website, we set technically necessary cookies that enable us to provide our website in a technically optimal way (Art. 6 I 1 e, f GDPR).

2.2 Preferences

Preference cookies allow a website to remember information that affects the way a website behaves or looks, such as your preferred language or the region you are located in.

2.3 Statistics

Statistical cookies help us understand how visitors interact with websites by collecting and reporting information anonymously.

2.4 Marketing

Marketing cookies are used to follow visitors to websites. The intent is to show ads that are relevant and appealing to the individual user and therefore more valuable to publishers and third-party advertisers.

3. Google Analytics

Providing your consent, this website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses what are known as (tracking) cookies. These are text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookies about your use of this website is usually transferred to a Google [AB1] server in the USA and stored there.

The storage of Google Analytics cookies and the use of this analysis tool only takes place if you have agreed to this via our cookie banner (legal basis: Article 6 I 1 a EU-GDPR). Specifically, the Google Analytics script is loaded with every page view, but tracking data is only collected and transmitted to Google after you click "Agree". You can revoke your consent at any time using the link below.

IP anonymization: We have activated the IP anonymization function on this website. As a result, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the internet. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google. For the exceptional cases in which personal data is transferred to the USA, an adequate level of data protection is ensured.

Withdrawal of your consent: You can prevent the collection of your data by Google Analytics and withdraw your consent given to us to use Google Analytics by clicking on the following link. An opt-out cookie is then set to prevent the collection of your information on future visits to this site: Disable Google Analytics.

Order processing: We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Storage duration: The cookies set by Google remain on your terminal device even after you leave our website (for up to 2 years). The use of long-term cookies makes it possible to recognise you when you visit our website again. The recognition is done with these cookies to optimise the content of our website. User and event-level data stored at Google that is linked to cookies, user IDs (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=en 

You can find more information on how Google Analytics handles user data in the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en 

Google Tag Manager is a solution that manages website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect IP addresses/personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation is performed at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager. http://www.google.de/tagmanager/use-policy.html 

4. Social media: Facebook/Twitter/Instagram/YouTube

4.1 Links

On our website, you can click on various social media tools and view our details there or exchange information with other users about our services. These are Facebook, Twitter, Instagram[AB2]  and YouTube. You can recognise these offers by the respective icons.

The links to the social media offers, which you can access via buttons and icons, enable you to share our offer with others. If you click on a link or icon, you will be redirected from our website to the respective third party provider. Then your data will be transmitted to the respective third party provider, in particular the site from which you came. This also applies if you do not have your own account with the respective provider or are not logged in. If you have your own account, the provider will regularly link the information about which page you came from to your account. This is also possible when you are not logged in.

We have no control over what personal data these third parties collect and how they handle it when you use the social media platforms. We are not aware of this either.

Through social media links, we enable you to receive even more attractive offers from us on other channels and to communicate directly with these offers and their users; in addition, you can conveniently share our offers with others in various ways. In this way, we make our website more interesting for you. The embedding of social media offerings is in our overriding, justified corporate interest (Art. 6 I 1 f EU-GDPR). By actively clicking on it, you can decide for yourself whether your personal data will be transferred to the third-party providers. The evaluation of the usage analyses sent to us by Facebook also serves to fulfil our task and is in our overriding, legitimate interest (Art. 6 I 1 e EU-GDPR). The provision of usage data via Facebook is carried out in an anonymised form.

4.2 Usage evaluation

We use the usage evaluations ("page insights") provided by Facebook to continuously improve our Facebook page. This data is only collected by Facebook and transmitted to us if you have a Facebook account and visit our site there.  We are responsible for data processing together with Facebook. We have entered into an agreement with Facebook on this subject, which transparently regulates the sharing of obligations (Art. 26 EU-GDPR; available at www.facebook.com/legal/terms/page_controller_addendum). The main content of this agreement is that Facebook is primarily responsible for visitor data processing and fulfils all relevant obligations of the EU-GDPR in relation to the processing of visitor data (including but not limited to the fulfilment of the rights of the data subject). Below we show you where you can get more information about data processing at Facebook.

Otherwise, we have no influence on what personal data these third-party providers collect and how they handle it.  We are not aware of this either. Please note that some of these providers are located outside the EU and your data is therefore likely to be transferred to third countries for which an adequate level of data protection is not necessarily guaranteed. You can obtain further information on the handling of your data from the respective third-party providers.

4.3 Integration of YouTube videos

You can also watch videos on our website: These are integrated into our online offer, so that you can watch the videos directly on our site. The integration of the videos directly into our site is done by activating the advanced privacy settings of YouTube. When you watch the video, information about you is sent to YouTube, including your IP address and the page from which you came, including information about which video you are viewing. This also applies if you do not have your own account with the respective provider or are not logged in. If you have your own account, YouTube can link this information to your account, even if you are not logged in.

If you watch the video (via our site or on YouTube), your data is transmitted to YouTube, in particular about the site from which you came. This also applies if you do not have your own account with the respective provider or are not logged in.

We have no control over what personal information YouTube collects and how it handles it. We are not aware of this either.

4.4 Further information on the handling of your data

Please note that the parent companies of the above-mentioned employees are located in the USA. If you use our offers on these platforms, your data will therefore probably be transferred to third countries for which an adequate level of data protection is not necessarily guaranteed. Insofar as personal data is transferred to the USA, an adequate level of data protection is ensured.

5. General contact

At various points on the website you have the opportunity to contact FKB on numerous topics. This applies in particular to specific inquiries or complaints. We process the personal data (name and contact details) and your message exclusively to be able to process your request in the best possible way. This is in our legitimate interest (Art. 6 para. 1 lit. f GDPR). We do not transmit your data to third parties, except if it is absolutely necessary for the processing of your request.

6. Travis/Flight tracks live

On our website you have the possibility to follow live flight paths of aeroplanes that are taking off and landing. You also have the possibility in this application to submit complaints to us. Your personal data provided for this purpose (name, postal address, e-mail address, telephone number if applicable, content of the complaint) will be processed exclusively for the purpose of processing the complaint and, if applicable, contacting you. This is in our legitimate interest (Art. 6 para. 1 lit. f GDPR).

As part of the noise complaint function, you also have the option of marking your location on a map. Travis uses an offer by the provider Google Maps (see below).

7. Google Maps

We use Google Maps at various points on our website to make our website more usable and attractive for you. When you click on the map from Google Maps, data is transmitted to Google. Google Maps is a service provided by Google Ireland Limited. We have no influence on what data Google collects and how Google handles the data. More on that:

Third party information: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Privacy Policy: https://policies.google.com/privacy 

Google's parent company is based in the USA, so we cannot safely rule out the possibility that data may be transferred there. However, even in these cases, an adequate level of data protection is ensured.

Map embedding enables FKB to provide the Travis function as well as to make the web offer more attractive and usable overall. It is therefore in our legitimate interest (Art. 6 I 1 f GDPR), especially since the user can decide whether to transfer their data to Google by accessing our offer.

8. Booking of group tours

On our website you have the possibility to make bookings for group tours. We process the personal data provided by you (name, contact details, dates) exclusively in order to be able to provide our contractually owed services (Art. 6 para. 1 lit. b, f GDPR). We only transfer the data to the responsible authorities within the scope of our legal obligations.

9. New registration (Airport Club)

You have the possibility to register for the FKB Airport Club on our website. The main purpose of membership is to ensure that you or your company, as a business partner of FKB, are constantly informed about news at and around the airport, especially electronically via e-mail. We process the personal data you provide (name and contact details) exclusively in order to offer you the free, quasi-contractual service within the framework of the Airport Club (Art. 6 para. 1 lit. b, f GDPR). We do not transfer the data to third parties.

10. Registration form (Airport Club)

You have the possibility to register for events of the FKB Airport Club using an online form. We process the personal data you provide (name and contact details) exclusively in order to offer you the registration as a free, quasi-contractual service (Art. 6 para. 1 lit. b, f GDPR). We do not transfer the data to third parties.

11. Applying for security passes

You have the possibility to apply for security passes online. We process the personal data provided by you in this context (including name, address, contact details, company name) solely in order to process your application (Art. 6 para. 1 lit. b, f GDPR).

12. Climate Neutral Flying (My Climate)

On our website, you have the opportunity to make your flights climate-neutral through a cooperation partner and use payments to support climate protection projects worldwide. You can make the corresponding calculation on our website using the tool provided by the third-party provider My Climate. FKB mediates this offer exclusively. We would like to point out that FKB can neither influence the content of these offers nor have access to the personal data you provide in this context. The cooperation partner is myclimate Deutschland gGmbH, Borsigstraße 6, 72760 Reutlingen, Germany. If you have any questions regarding data protection, please contact the respective providers directly at https://de.myclimate.org/en/data-privacy 

13. Mediation of hotel bookings

On our website you have the possibility to book hotels through a cooperation partner. FKB mediates these offers exclusively. We would like to point out that FKB can neither influence the content of these offers nor have access to the personal data you provide in this context. The cooperation partner is Hotel DE GmbH, Hugo-Junkers-Str. 15-17, 90411 Nuremberg. If you have any questions regarding data protection, please contact the respective providers directly at www.hotel.de/About/DataProtection.

14. Arrangement of flight bookings

On our website you have the possibility to book travel services through a cooperation partner. We would like to point out that FKB can neither influence the content of these offers nor have access to the personal data you provide in this context. The cooperation partner is Kiwi.com s.r.o., ID no. 29352886, with registered office in Palachovo náměstí 797/4, Starý Lískovec, postcode 625 00 Brno. If you have any questions regarding data protection, please contact the provider directly. The use of cookies in connection with the use of the website is only based on your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

15. Mediation of bookings of charter and private flights

On our website you have the possibility to book charter and private flights through a cooperation partner. We would like to point out that FKB can neither influence the content of these offers nor have access to the personal data you provide in this context. FKB mediates these offers exclusively. Cooperation partner is PRO SKY AG, Schanzenstraße 6-20, 51063 Cologne, Germany. If you have any questions regarding data protection, please contact the respective providers directly at www.pro-sky.com/de/datenschutz.

16. Google WebFonts

Our website uses Google WebFonts, a service provided to us by Google, Ireland Limited. This service enables us to provide you with a consistent, visually appealing presentation of our website using the font library obtained through this service. This is done by loading the fonts used on this website through the browser you use and then displaying them.

According to our information, the browser you use for this purpose establishes a connection to the servers of our service provider and information is collected that our website was accessed with the IP address you used. It is possible that your IP address will also be transmitted to the USA. Our service provider ensures an adequate level of data protection.

A uniform and visually attractive design of our website is in our overriding, justified interest (Art. 6 I 1 f EU-GDPR). No user analysis is carried out, nor is a user profile created; your IP address is used exclusively for the targeted transmission of fonts. Furthermore, fonts.google.com records the number of visits to your page ("page views").

Information from the third party provider Google about WebFonts https://fonts.google.com/about 

17. Data security

In order to protect your personal data in the best possible way, we use TLS encryption (https standard) for technical and organisational security measures, which are also adapted to the current state of the art in a risk-appropriate manner.

18. Rights of data subjects

We shall fulfil the rights to which you are entitled immediately and free of charge. Please contact us for this purpose.

As far as personal data are processed which refer to you as a natural person, you are entitled to various data protection claims against us. In accordance with § 34 of the Federal Data Protection Act ("BDSG"), Art. 15 of the GDPR, you have the right to information about the data stored about you and its origin, the recipients or categories of recipients to whom the data is passed on and the purpose of the storage.

In addition, you may be entitled to correction, deletion or restriction (of processing) of your personal data in accordance with § 35 BDSG, Art. 16-18 GDPR.

In addition, you can request the transfer of the data to another responsible body in accordance with Art. 20 EU-GDPR. In the event that the requirements of Art. 20 Para. 1 GDPR are met, you have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to third parties. The collection of data for the provision of the website and the storage of log files are mandatory for the operation of the website. They are therefore not based on consent under Article 6(1)(a) GDPR or on a contract under Article 6(1)(b) GDPR, but are justified under Article 6(1)(f) GDPR, meaning that the conditions of Article 20(1) GDPR are not fulfilled.

You can also object to the further processing of your data if we process your data on the basis of a legitimate interest (Art. 6 I 1 f GDPR); if we do not process your data for advertising purposes, this requires a special reason. In the event of an objection, we will no longer process your personal data from the time of receipt during the examination which will then follow. After the examination has been completed – if the objection is justified – we will delete your data from our active databases and only note in an advertising block file that you do not wish to be contacted by us (§ 36 BDSG, Art. 21 GDPR).

You can revoke any consent you have given us for data processing (Art. 6 I 1 a EU-GDPR) at any time; we will then not process your personal data further and delete it, unless there is legal permission for further processing.

An objection or revocation does not affect the admissibility of data processing in the past.

We shall fulfil the rights to which you are entitled immediately and free of charge. Please contact our data protection officer; the contact details can be found at the beginning of this Privacy Policy.

If you are of the opinion that data processing violates data protection law, you have the right to complain to a data protection supervisory authority of your choice (Section 19 BDSG, Art. 77 GDPR). This also includes the data protection supervisory authority responsible for us, which you can reach at the following contact details:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
PO Box 20 04 44
40102 Düsseldorf
Kavalleriestraße 2-4
40213 Düsseldorf

Tel: +49 (0) 2 11/384 24-0
Fax: +49 (0) 2 11/384 24-10
Email:
Homepage: http://www.ldi.nrw.de 

19. Updates

We will update this Privacy Policy from time to time to adapt it to new developments. If we have the opportunity to contact you, we will notify you of relevant changes.

This Privacy Policy dated: 04/2020

Privacy policy and information for data subjects according to Art. 13, 14 GDPR

Flughafen Köln/Bonn GmbH (hereinafter referred to as: FKB) is committed to protecting your personal data. The collection and processing of your personal data by our company therefore takes place exclusively within the framework of data protection regulations. On this page we inform you about the collection and processing of your personal data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

We work together with external service providers to operate our website. We have carefully selected these service providers and have obligated them in accordance with data protection regulations by concluding a data processing contract in accordance with Art. 28 EU-GDPR.

When you visit this website and use its features, we process your personal data as follows:

1. Server Log Files

When you visit our website, we collect so-called server log files. This is access data that we process to ensure system security (e.g. to detect technical errors or automated access by bots). Technically, it is possible to trace transmission errors, check firewall activity or perform search engine optimisation.

The following information is recorded in the server log files:

  • IP address in anonymised form to determine the location of access and host name.
  • Time of access and duration of visit,
  • previously visited website
  • requested website including the number of pages viewed and the last page opened before leaving the website,
  • browser type and version,
  • operating system and device type used

These server log files contain the IP address of the user. This is stored in plain text for a period of three days. This serves our legitimate interest in a technically secure and optimised web offer (legal basis: Art. 6(1) f GDPR). The log files are deleted after 3 days.

2. Cookies

This website uses cookies. We use cookies to personalise content and ads, to provide social media features, and to analyse traffic to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other information that you have provided to them or that they have collected as part of your use of the services.

We use different types of cookies. When you visit our website, we ask you explicitly whether you agree to the use of cookies or not. A cookie banner appears when you first visit our site, which informs you about the use of cookies. When you visit our website, we set technically necessary cookies that enable us to provide our website in a technically optimal manner. This serves our overriding legitimate interest (Art. 6(1) e, f GDPR). Furthermore, by ticking a box you can select whether you agree to the use of cookies from the categories "preferences", "statistics" and "marketing" (Art. 6(1) a GDPR). By clicking the "Show details" button, you can obtain further information about the cookies we use.

You can change or withdraw your consent from the cookie declaration on our website at any time.

2.1 Necessary cookies

When you visit our website, we set technically necessary cookies that enable us to provide our website in a technically optimal manner (Art. 6(1) e, f GDPR).

2.2 Preferences

Preference cookies allow a website to remember information that affects the way a website behaves or looks, such as your preferred language or the region you are located in.

2.3 Statistics

Statistics cookies help us understand how visitors interact with websites by collecting and reporting information anonymously.

2.4 Marketing

Marketing cookies are used to follow visitors to websites. The intention is to show ads that are relevant and appealing to the individual user and are therefore more valuable to publishers and third party advertisers.

3. Google Analytics

If you have granted your consent, this website uses functions of the web analysis service Google Analytics. The service provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses so-called (tracking) cookies. These are text files which are stored on your computer and allow your use of website to be analysed. Cookie-generated information on your use of our website will normally be transferred to a Google server in the USA where it is saved.

The storage of Google Analytics cookies and the use of this analysis tool only takes place if you have agreed to this via our cookie banner (legal basis: Article 6(1) a EU-GDPR). Specifically, the Google Analytics script is loaded with every page view, but tracking data is only collected and transmitted to Google after you click on "agree". You can revoke your consent at any time using the link below.

IP-anonymisation: We have activated the IP Anonymisation function on this website. As a result, your IP address will be shortened by Google within a member state of the European Union or in another state party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptions will your full IP address be transferred to a Google server in the USA and shortened there. Google will use this information to assess your use of the website, compile reports about website activities and to perform other services relating to the use of our website and the internet on behalf of the operator of this website. The IP address transferred by your browser through Google Analytics will not be merged with other Google data. In exceptional cases where personal data is transferred to the USA, an adequate level of data protection is ensured.

Withdrawal of consent: You can prevent the collection of your data by Google Analytics and revoke the consent you granted to us to use Google Analytics by clicking on the following link. An opt-out cookie is then set to prevent the collection of your data when you visit this site in the future: Disable Google Analytics.

Order processing: We have concluded a contract for order processing with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Storage duration: The cookies set by Google remain on your terminal device even after you leave our website (for up to 2 years). The use of long-term cookies makes it possible to recognise you when you visit our website again. The recognition using these cookies serves to optimise the contents of our website. User and event-level data stored at Google that is linked to cookies, user IDs or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. Details can be found under the following link:  support.google.com/analytics/answer/7667196

You can find more information on how Google Analytics handles user data in the Google privacy policy: support.google.com/analytics/answer/6004245

Google Tag Manager is a solution that manages website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect IP addresses/personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been performed at the domain or cookie level, it will apply to all tracking tags implemented with Google Tag Manager. www.google.de/tagmanager/use-policy.html

4. Social media: Facebook/Twitter/Instagram/YouTube

4.1 Links

On our website you can click on various social media tools and view our entries there or exchange information with other users about our offer. The social media tools are Facebook, Twitter, Instagram and YouTube. You can recognise these offers by their respective icons.

The links to the social media offers, which you can access via buttons and icons, enable you to share our offer with others. If you click on a link or icon, you will be redirected from our website to the respective third party provider. Your data will then be transmitted to the respective third party provider, in particular the site from which you came. This also applies if you do not have your own account with the respective provider or are not logged in. If you have your own account, the provider will regularly assign the information about which page you came from to your account. This is also possible when you are not logged in.

We have no control over what personal data these third parties collect and how they handle it when you use the social media platforms. We are not aware of this either.

Through social media links, we allow you to receive even more attractive offers from us on other channels and to communicate directly with these offers and their users; in addition, you can conveniently share our offers with others in various ways. This makes our website more interesting for you. The embedding of social media offerings serves our overriding, justified company interest (Art. 6(1) f EU-GDPR). By actively clicking on it, you decide for yourself whether your personal data will be transferred to the third party providers. The evaluation of the usage analyses sent to us by Facebook also serves to fulfil our task and our overriding, legitimate interest (Art. 6(1) e EU-GDPR). The provision of usage data via Facebook is carried out in an anonymised form.

4.2 Usage evaluation

We use the usage evaluations ("Page Insights") provided by Facebook to continuously improve our Facebook page. This data is only collected by Facebook and transmitted to us if you have a Facebook account and visit our site there.  We are jointly responsible for data processing with Facebook. We have entered into an agreement with Facebook on this subject, which transparently regulates the sharing of obligations (Art. 26 EU-GDPR; available at www.facebook.com/legal/terms/page_controller_addendum). The essential point of this agreement is that Facebook is primarily responsible for visitor data processing and fulfils all relevant obligations of the EU-GDPR in relation to the processing of visitor data (including but not limited to the fulfilment of the rights of the data subject). In the following we inform you where you can get more information about data processing at Facebook.

Otherwise, we have no influence on what personal data these third party providers collect and how they handle it.  We are not aware of this either. Please note that some of these providers are located outside the EU and your data is therefore likely to be transferred to third countries for which an adequate level of data protection is not necessarily guaranteed. You can obtain further information on the handling of your data from the respective third-party providers.

4.3 Embedding of YouTube videos

You can also watch videos on our website: These are embedded into our online offer, so that you can watch the videos directly on our site. The videos are embedded directly into our site with the advanced YouTube privacy settings activated. When you watch a video, information about you is sent to YouTube, including your IP address and the page from which you came, including information about which video you are viewing. This also applies if you do not have your own account with the respective provider or are not logged in. If you have your own account, YouTube can assign this information to your account, even if you are not logged in.

If you watch the video (via our site or on YouTube), your data is transmitted to YouTube, especially the site from which you came. This also applies if you do not have your own account with the respective provider or are not logged in.

We have no influence over what personal data YouTube collects and how they handle it. We are not aware of this either.

4.4 Further information on the handling of your data

Please note that the parent companies of the above service providers are located in the USA. If you use our offers on these platforms, your data is therefore likely to be transferred to third countries for which an adequate level of data protection is not necessarily guaranteed. Insofar as personal data is transferred to the USA, an adequate level of data protection is ensured

5. General contact

At various points on the website you have the opportunity to contact FKB regarding various topics. This especially applies to specific inquiries or complaints. We process the personal data (name and contact details) and your message exclusively to be able to process your request in the best possible way. This serves our legitimate interest (Art. 6(1) f GDPR). We do not transfer your data to third parties, except if it is absolutely necessary for the processing of your request.

  • Newsletter: You can subscribe to our email newsletter if you wish to be kept up to date on airport news. Before sending the newsletter for the first time, we obtain your consent (Art. 6(1) a) GDPR). You have the option to revoke your consent for the future at any time and in each individual newsletter. Please use the unsubscribe function in the newsletter or contact our data protection officer.
  • Create a user account: On our website you can create a user account. This makes it easier for you to book parking repeatedly and regularly. We process the personal data you provide (name and contact details, user name, password) exclusively in order to offer you the user account as a free, quasi-contractual service (Art. 6(1) b, f GDPR). We do not transfer the data to third parties.
  • Number plate capture: When you enter the airport premises, we record the number plate of the vehicle entering the airport as well as the time of entry, exit and non-cash means of payment for the following purposes: Traffic management/avoidance of bottlenecks/congestion and smooth operation, prevention and investigation of crimes, prevention of unauthorised returns of SEPA direct debits, number plate related reservation and airport wide ticket management. We store the data for up to 13 months after exit. This serves our legitimate interest (Section 4 German Federal Data Protection Act (BDSG), Art. 6(1) sentence 1 f) GDPR). In order to park without your number plate being recorded, please follow the lane markings for an alternative lane when approaching.
  • Booking parking: On our website you can make an online parking space booking. We process the personal and parking relevant data you provide (name, contact details, parking details, vehicle registration number, if applicable) exclusively in order to provide the services we are contractually obliged to provide (Art. 6(1) b GDPR). In addition to the reservation confirmation and the corresponding invoice, you may receive additional information that is directly related to your specific parking procedure. When booking parking services, we work together with third party service providers who provide us with technical assistance or carry out payment transactions technically and whom we have contractually committed to adhere to data protection and data security.   
  • Competition: On our website you can take part in a competition. We process the personal data you provide in the course of taking part in the competition (name, email address and any other information you may provide) exclusively for the purpose of conducting this competition (Art. 6(1) b) GDPR).

Your personal data is usually stored as long as it is legally required or necessary for the fulfilment of a contract or your inquiry or, in case of consent, until you have revoked your consent. We will only store your data for longer periods of time if it serves our legitimate interest and your interests do not outweigh this.

6. Data security

In order to protect your personal data in the best possible way, we use TLS encryption (https standard) for technical and organisational security measures, which are also adapted to the current state of the art in a risk-appropriate manner.

7. Data subject rights

We fulfil the rights to which you are entitled immediately and free of charge. Please contact us for this purpose.

Insofar as personal data is processed which refers to you as a natural person, you are entitled to various data protection claims against us. In accordance with Section 34 of the German Federal Data Protection Act ("BDSG"), Art. 15 of the GDPR, you have the right to information about the data stored about you and its origin, the recipients or categories of recipients to whom the data is transferred and the purpose of the storage.

In addition, you may be entitled to the rectification, erasure or restriction (of processing) of your personal data in accordance with Section 35 BDSG, Art. 16-18 GDPR.

In addition, you may request the transfer of the data to another data controller in accordance with Art. 20 EU-GDPR. In the event that the requirements of Art. 20(1) GDPR are met, you have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to third parties. The collection of data for the provision of the website and the storage of log files are required for the operation of the website. They are therefore not based on consent under Article 6(1) a) GDPR or on a contract under Article 6(1) b) GDPR, but are justified under Article 6(1) f) GDPR. The conditions of Article 20(1) GDPR are therefore not fulfilled in this respect.

You can also object to the further processing of your data if we process your data on the basis of a legitimate interest (Art. 6(1) f GDPR); if we do not process your data for advertising purposes, this requires a special reason. In the event of an objection, we will no longer process your personal data from the time we receive the objection during the subsequent review and, after completion of the review - if the objection is justified - we will delete the data from our active databases and only note in an advertising block file that you do not wish to be contacted by us (Section 36 BDSG, Art. 21 GDPR).

You can revoke any consent you have granted us for data processing (Art. 6(1) a EU-GDPR) at any time; we will then not process your personal data further and delete it, unless there is legal permission for further processing.

An objection or revocation does not affect the admissibility of data processing in the past.

We fulfil the rights to which you are entitled immediately and free of charge. Please contact our data protection officer; the contact details can be found at the beginning of this privacy policy.

If you are of the opinion that data processing violates data protection law, you have the right to complain to a data protection supervisory authority of your choice (Section 19 BDSG, Art. 77 GDPR). This also includes our competent data protection supervisory authority, which you can contact using the following contact details:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Kavalleriestraße 2-4
40213 Düsseldorf

Tel..: +49 (0) 211 384 24-0 Fax: +49 (0) 2 11 384 24-10 Email:
Homepage
http://www.ldi.nrw.de 

19. Updates

We will update this privacy policy from time to time to adapt it to new developments. If we have the opportunity to contact you, we will notify you of relevant changes.

Status of this privacy policy: 4/2020

Information on Data Protection regarding Collection of Employees’ Data

I. Preliminary marks

In the case of application documents submitted, and other data collected in the application process, which can be personally assigned to you as a job applicant, these personal data are protected in accordance with Art. 4 No. 1 of the EU-General Data Protection Regulation (EU-GDPR).

The collection and processing of your personal data is solely effected by our company in compliance with the data protection requirements. Under the applicable data protection law, your personal data may only be collected, stored, published or used (Data Processing, Art. 4 No. 2 EU-GDPR) if this is expressly permitted or mandated by law, or if you have given your express consent (Art. 6 Sect. 1 p. 2 a) in conjunction with Art. 7 EU-GDPR). Processing of your personal data is, in particular, permitted if this is required for the decision as regards an employment relationship or for the establishment or termination of an employment relationship (§ 26 Sect. 1 of the German Federal Data Protection Act (BDSG), Art. 6 Sect. 1 p. 2 b) EU-GDPR).

The same shall apply insofar as data processing is required to safeguard justified interests of the organisation responsible for purposes other than the employment relationship, and there is no reason to believe that your legitimate interest as the person involved outweighs the exclusion of processing or usage (Art. 6 Sect. 1 p. 2 f) EU-GDPR).

Pursuant to Art. 4 No. 7 EU-GDPR, the organisation responsible for the data processing in the course of an job application procedure is our company,

Flughafen Köln/Bonn GmbH, Heinrich-Steinmann-Str. 12, 51147 Cologne.

You can contact our data protection officers at any time regarding privacy-related aspects. Contact information is available on our website at the following address (https://www.koeln-bonn-airport.de/serviceseiten/datenschutz.html).

II. Data protection rights

As regards your processed personal data, you have various rights and entitlements vis-à-vis the responsible authority. In compliance with § 34 German Federal Data Protection Act, Art. 15 EU-GDPR, you have the right to information on the data stored in relation to your person and to their origin, the recipients or categories of recipients to whom these data are disclosed, and the purpose of the storage.

Moreover, in compliance with § 35 German Federal Data Protection Act, Art. 15 - 18 EU-GDPR, you also may have the right to rectification, blocking or deletion of your personal data. Pursuant to § 36 German Federal Data Protection Act, Art. 21 EU-GDPR, you can at any time disagree to the processing of personal data related to your person. Pursuant to Art. 20 EU-GDPR, you can also demand that the data be transferred to another responsible organisation.

Lastly, in compliance with Art. 77 EU-GDPR, you have the right to lodge a complaint with the appropriate data protection authority.

III. Application for an advertised Position

In order to include you in application procedures for a specific position, we require the customary and informative application documents which inform us of your personal profile and qualifications. As a matter of principle, we only use your application documents for making the decision on filling the position you have specifically applied for. For information purposes, in the course of the application procedure further personal data can be collected from you personally, from generally accessible sources, or from previous employers and training supervisors. The legal basis of data processing is Art. 6 Sect. 1 p. 2 b) EU-GDPR, § 26 Sect. 1 German Federal Data Protection Act. If the application procedure does not result in recruitment, we will, as a matter of course, delete and destroy your application data, as soon as a period of six months has elapsed after a definitive refusal has been made on your part or on the part of our company.

If the application procedures results in recruitment, we will, insofar as required on the basis of Art. 6 Sect. 1 p. 2 b) EU-GDPR, § 26 Sect. 1 German Federal Data Protection Act, include your application documents in your personnel file to establish the employment relationship and gain information on your personal profile and qualifications. This will apply regardless of whether or not you have revoked your given consent at a later stage. In such a case, your application documents will not be deleted and destroyed until your employment relationship has been terminated and a period of three years following the end of the year of termination has elapsed.

IV. Unsolicited applications

If you submit an unsolicited application which does not apply to one specific position, we can use your application documents within the scope of making recruitment decisions on all potential positions. For this purpose, we may make your application data available to selected decision-makers for automatic searches for recruitment purposes. As soon as your application documents are included in a recruitment procedure, further personal data can be collected from you personally, from generally accessible sources or from previous employers and training supervisors, to provide us with more specific information on your personal profile and your qualifications. After a period of one year has elapsed, we will, as a matter of course, delete and destroy your application data, however, not before in the case of all application procedures, in which your application documents were involved, a period of six months has elapsed after a definitive refusal has been made on your part or on the part of our company.

If the application procedures results in recruitment, we will, insofar as required on the basis of Art. 6 Sect. 1 p. 2 b) EU-GDPR, § 26 Sect. 1 German Federal Data Protection Act, include your application documents in your personnel file to establish the employment relationship and gain information on your personal profile and qualifications. This will apply regardless of whether or not you have revoked your given consent at a later stage. In such a case, your application documents will not be deleted and destroyed until your employment relationship has been terminated and a period of three years following the end of the year of termination has elapsed.

Information on Data Protection for Business Customers

The collection and processing of your personal data is solely effected by our company in compliance with the data protection requirements, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Therefore, your personal data may only be collected, stored, published or used if this is expressly permitted or mandated by law, or if you have given your express consent.

Responsibility and contact partner

The responsible organisation (Art. 4 No.7 GDPR) for the processing of your personal data is: Flughafen Köln/Bonn GmbH, Heinrich-Steinmann-Straße 12, 51147 Cologne. Any queries regarding data protection can be directed at any time to our data protection officer at .

Overview of relevant data processing procedures

We only process your personal data insofar as it is (1) necessary for fulfilling contracts (Art. 6 Sect. 1 p. 1 b) GDPR), or (2) the data processing is required for safeguarding the legitimate interests of the company, and there is no reason to believe that your legitimate interest as the person involved outweighs the exclusion of processing or usage (Art. 6 Sect. 1 p. 1 f) GDPR), or (3) there is a legal obligation that requires personal data be justifiably processed (Art. 6 Sect. 1 p. 1 c) GDPR), or (4) you have given explicit consent to the respective processing (Art. 6 Sect. 1 p. 1 a) GDPR).

  • Processing master and contact data: We process your business contact data (address, e-mail address, telephone and fax numbers) to fulfil our contractual obligations vis-à-vis you and/or the company you are employed by (Art. 6 Sect. 1 p. 1 b) GDPR).
  • Processing to maintain business relationships: We process your business contact data (address, e-mail address, telephone and fax numbers) to establish business contacts and maintain business relationships. This is in our legitimate interest (Art. 6 Sect. 1 p. 1 f).
  • Processing in business documents: We also process your personal data if these are included in business correspondence, e-mails or other documents which we require to process contracts with your company (Art. 6 Sect. 1 p. 1 b) GDPR).
  • Data processing for reasons of Airport safety and security: In compliance with the Aviation Security Act, we are legally obliged to only allow access to security areas after the correct application for a day and/or security pass has been made. In the application procedure the personal data submitted by you (name, master and contact data, reason for access, the employing company, other details [last places of residence and work]) are solely processed for carrying out the application procedure. These data will also be disclosed to the responsible district government.
  • In the course of our business communication we can make available data on our server for download. For this purpose, you will receive a link per e-mail. Using a personal and secure access, we will process your name, e-mail address, IP address and access time exclusively for the proper provision of the data. This data processing is in our preponderant justified interest in accordance with (Art. 6 Sect. 1 Clause 1 lit. f) of the General Data Protection Regulation (GDPR).

On our website, you have the possibility of booking appointments with our registration office online, for instance to apply for an airport security pass or to collect such a pass. The personal data you give us (name, e-mail address, date of appointment) will only be processed to render the services we are obliged to provide or on the basis of our legitimate interest (Art. 6 Section 1 lit. b, f GDPR). In order to provide this reservation portal, we cooperate with an external processor we have carefully selected and bound by contract to comply with statutory requirements pursuant to Art. 28 GDPR to ensure the protection of your personal data.

Our cooperation with third-party companies/enterprises

We also benefit from the advantages of a collaborative society and business world. In the data processing sector this means that not all data processing procedures are carried out in-house, but we also cooperate with external service providers:

  • External (IT-) service providers, who, as processors, we have obligated to process data strictly to our guidelines and instructions and fully protect these data on both a technical and organizational basis.
  • External (IT-) service providers, who work for us in their own responsibility and are contractually obligated to fully protect data on both a technical and organizational basis.

Disclosure to other third parties

The personal data collected can also be transmitted to responsible authorities and courts of law, as well as to lawyers, auditors, tax consultants, management consultants and similar service providers with a particular position of trust and likewise committed to confidentiality. Disclosure of your personal data to a third party will only take place insofar as it is necessary to fulfil the given purposes and in compliance with data protection laws pursuant to Art. 6 GDPR, § 26 Sect. 1 German Federal Data Protection Act.

Storage and deletion of your data

We delete your personal data when the above mentioned purposes no longer apply, or if consent has been revoked, the legal obligation period to retain data has elapsed and we have no legitimate interest in continuing to store the data.

Your data protection rights and entitlements

Insofar as we process your personal data, you have various rights and entitlements vis-à-vis our company. You have the right to

  • demand information on the data stored in relation to your person and to their origin, the processing purpose, recipients or categories of recipients to whom these data are disclosed and the purpose of the storage (Art. 15 GDPR, § 34 German Federal Data Protection Act ),
  • under certain conditions, demand rectification, blocking or deletion of your personal data by us (Art. 16 - 18 GDPR, § 35 German Federal Data Protection Act ),
  • demand that the data be transferred to another responsibility organisation (Art. 20 GDPR) and
  • lodge a complaint with us or the appropriate data protection organisation (Art. 77 GDPR).

You can also object to the further processing of your data, if we are processing your data for the purpose of a legitimate interest (Art. 6 Sect. 1 p. 1 f) GDPR). Since we do not process your data for advertising purposes this will require a special reason. In the case of an objection we will, upon receipt of the same and during the subsequent verification, no longer process your personal data and after the verification – in the case of a justified objection – delete the data (§ 36 German Federal Data Protection Act , Art. 21 GDPR).

Consent to data processing (Art. 6 Sect. 1 p. 1 a) GDPR) conveyed to us can at any time be revoked; in such a case we shall no longer process your personal data, unless legal permission for this is in place.

A justified objection and revocation shall have no impact on data processing operation already effected.

We shall fulfil all your rights without delay and free of charge.

Data Protection Representative

Flughafen Köln/Bonn GmbH

Service area of the website

Skyline

End of section: return to navigation within the page